FEDERAL REPUBLIC OF GERMANY

Priority certificate regarding the filing of a utility model application

File number: 203 14 722.7

Filing date: 23 September 2003

Applicant/Owner: SCM Microsystems GmbH, 85737 Ismaning/DE

Title: Device for Secure Access to Digital Media Contents,
Virtual Multi-Interface Driver and System for Secure
Access to Digital Media Contents

IPC: G 06 F 12/14

PRIORITY DOCUMENT
SUBMITTED OR TRANSMITTED IN COMPLIANCE WITH RULE 17.1(a) OR (b)

The attached documents are a correct and accurate reproduction of the
original documents of this utility model application.

Munich, 23 September 2004
German Patent and Trade Mark Office (Deutsches Patent- und Markenamt)
The President
By order



PRINZ & PARTNER GbR
Patent Attorneys
European Patent Attorneys
European Trademark Attorneys

Manzingerweg 7
D-81241 München
Tel.: +49 89 89 69 8-0
Fax: +49 89 89 69 8-211
Email: info@prummdpartner.de 



SCM Microsystems GmbH 
Oskar-Messter-Str. 13 
85737 Ismaning 

S 4992 DE
JS/JS

23 September 2003

Device for Secure Access to Digital Media Contents,
Virtual Multi-Interface Driver and
System for Secure Access to Digital Media Contents



The present invention relates to a device for secure access to digital media
contents. The invention further relates to a virtual multi-interface driver and
to a system for secure access to digital media contents.

Secured data storage has become a new application for digital media. All
digital media do not have in-built security. Hence in order to store bulk data in a
secured fashion it is required to add some external security mechanism. Smart
card protection is one ideal candidate for such a mechanism as it is one of the
most proven technologies for security products.

Media containing embedded smart card controllers have reached the market.
Hence it has become a necessity for the device to support smart card commands.
But most of the digital media readers available in the market are single interface
devices that are mass storage compliant. They cannot directly support the new
media with embedded smart card controllers due to their architectural limitation.

In order to prevent unauthorized access to digital media contents and to
overcome the above-mentioned architectural limitation of single interface devices,
the invention provides a device for secure access to digital media contents as
recited in claim 1, a virtual multi-interface driver as recited in claim 18 and a
system for secure access to digital media contents as recited in claim 24.
Expedient and advantageous embodiments of the invention are recited in the
subclaims.

Further details and advantages of the invention become apparent from the
following description of several prior art systems for access to digital media
contents and of a preferred embodiment of the invention. The description makes
reference to the accompanying drawings, in which:

Figure 1 shows a prior art system including a single interface USB device;

Figure 2 shows a prior art system including a composite device;

Figure 3 shows a prior art system according to the core USB framework;

Figure 4 shows a prior art system according to an extended USB device
framework;

Figure 5 shows a schematic electrical diagram of a further prior art system;

Figure 6 shows a schematic electrical diagram of a system according to a
preferred embodiment of the invention;

Figure 7 shows possible application scenarios for the virtual multi-interface
driver according to the invention;

Figure 8 shows a logical connection diagram of the system according to the
preferred embodiment of the invention;

Figure 9 shows the software architecture of the system according to the
preferred embodiment of the invention; and

Figure 10 is a command flow diagram for the device according to the
preferred embodiment of the invention.

Figure 1 illustrates a prior art system according to the MSDN Library (under
the topic: Windows Driver Stack for Windows XP and Later,
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/buses/hh/buses/usbsystem_6ofb.asp).
The device shown in Figure 1 is a single interface USB
device that has either a mass storage interface (left part of Figure 1) or a smart
card interface (right part of Figure 1). The driver loaded for the device is provided
by Microsoft Windows OS. Only the functionality of one of the interfaces can be
achieved at an instance, depending on whether it is a digital media reader or a
smart card reader. This architecture is incapable of supporting a second device
function (e.g. a smart card reader in addition to a digital media reader) as the
device only has a single physical interface.

Figure 2 shows a further prior art system according to the MSDN Library
(under the topic: Selecting the Configuration for a Multiple-Interface (Composite)
USB Device,
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/buses/hh/buses/usb-config_6xev.asp).
The device shown in Figure 2 is a
composite device which has two interfaces defined in its configuration descriptor.
One interface is confined to mass storage class and the other interface is confined
to the class of smart cards. Both interfaces do physically exist in the device itself
(although the device only comprises a single connector). Microsoft Windows OS
provided drivers get loaded separately for each interface. The functionalities of
both mass storage interface and smart card interface are available. This type of
architecture has a limitation in that, for achieving the functionality and the
intelligence of a multiple interface device, it is a must that the device itself
contains multiple interfaces. Devices with a single physical interface cannot
benefit from this architecture. Also, it requires both digital media and the smart
card to be present in the reader for communicating with their respective interfaces.
Further, this architecture cannot support a single digital medium with a smart card
controller embedded within it.

The prior art system illustrated in Figure 3 also is a system according to
MSDN Library (under the topic: Windows Driver Stack for Windows XP and
Later,
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/buses/hh/buses/usbsystem_6ofb.asp).
As can be seen in Figure 3 the base configuration
model assumed by the core USB framework imposes a one-to-one association
between an interface and a device function. System software is designed to the
intent of the core specification and assumes one driver per function and one
interface.

The prior art system shown in Figure 4 is in accordance with an extended USB
device framework (see USB Engineering Change Notice, Title: Interface
Association Descriptors, applying to Universal Serial Bus Specification, Revision
2.0), defining a new standard descriptor and interface descriptor that allows a
device to describe which interfaces are associated with the same device function.
This allows the operating system to bind all of the appropriate interfaces to the
same driver instance. Figure 4 shows that device class specifications have defined
device functions that use multiple interfaces. A functional driver gets loaded for a
device which contains two interfaces (0 and 1), i.e. the model uses one functional
driver per function, but binds multiple interfaces to the same driver instance.

Figure 5 shows a prior art system that provides a certain level of security to
digital media contents. The system is a hub-based solution that contains both a
digital media reader and a smart card reader. The two readers are internally
connected to a USB hub that is connected, in turn, to the USB port. Each of the
readers has an individual host interface. One of the shortcomings of this solution
is that the host computer requires two interfaces, i.e. two USB ports. Another
drawback is that the data being sent to the digital media through the digital media
reader can be tapped easily at the host interface points. Hence, security is
compromised.

Figure 6 shows a system for secure access to digital media contents according
to a preferred embodiment of the invention. The system includes two major
components: a device according to the invention, hereinafter referred to as "secure
digital media reader", which is connected to a host (a PC, for example), and a
"virtual multi-interface driver" according to the invention, which will be described
in detail later.

The secure digital media reader includes an access means for accessing digital
media contents from a data source, hereinafter referred to as "digital media
reader", and a reader for authenticating a user, in particular a smart card reader.
The two readers are located in a single external housing. The device can be either
accommodated inside the host or be an external unit remote from the host. The
digital media reader and the smart card reader may be two independent units or a
single integrated unit, i.e. each reader may have its own processor unit.

The digital media reader is the device through which the digital media contents
are accessed. The digital media can be interfaced to the digital media reader
through any suitable standard interface such as Compact Flash (CF), Smart Media
(SM), Secure Digital, Picture Card (xD), Multimedia Card (MMC), etc. (see IF 1
in Figure 6). The digital media reader can be a module, a system-on-chip (SOC)
or a single chip system.

The smart card reader communicates with a smart card, which may be
embedded inside the smart card reader. On the smart card electronic key
information (a digital key) required to access the digital media contents is stored.
The smart card can be interfaced to the smart card reader through any suitable
standard interface such as ISO 7816, I2C, Contactless Smart Card Interface, etc.
(see IF 2 in Figure 6). The smart card reader can be a module, a system-on-chip
(SOC) or a single chip system.

There is an internal communication channel between the smart card reader and
the digital media reader. This type of communication is used to guarantee a secure
transfer of the digital key from the smart card reader to the digital media reader. It
is thus ensured that the digital key is not externally visible for any snooping. The
communication channel may also be used to transfer a PIN code to the digital
media reader for additional security. In other words, the internal communication
channel between the smart card reader and the digital media reader is used to
protect the secure data communication within the secure digital media reader to
provide a very high level of security.






As can be seen in Figure 6, only a single data channel between the secure
digital media reader and the host is provided, using an electrical industry standard
interface, which may be an interface designed for wireless data communication.
Suitable interface standards include USB, SCSI, Firewire, WiFi, Bluetooth,
HyperLAN.

The digital media contents in the media reader are available to the host only
when the correct smart card has been inserted and authenticated. The digital key is
not compromised since the key is not transferred through an open channel. Thus, a
user cannot access the digital media contents as he does with unsecured digital
media. A smart card with a proper digital key stored thereon (optionally in
combination with a PIN code entered by means of a PIN pad provided on the
device or a keyboard of the host) has to be used to access the digital media
content. A mismatch in smart card (or PIN code) will result in denial of
authentication to access the media. Thus, only the owner can access the digital
media contents.

The invention makes use of a common software layer referred to as "virtual
multi-interface driver for secure media". The virtual multi-interface driver
transforms the secure digital media reader into one or more of the following:

- a standard mass storage compliant reader, after proper authentication;

- a standard CCID/PCSC compliant smart card reader;

- a secure digital media reader, which shall allow access to digital media
contents only on authentication with a smart card. The digital media contents may
be partitioned with a secure and an unsecured portion. In this case the secure
portion can be accessed only after authentication, while the unsecured portion is
always available for access by the user.
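
The access rule described above, sketched as an added example (not code from the application or from the applicant): the secure portion opens only after the key arriving over the internal channel matches, while the unsecured portion stays accessible. The struct layout, function names, 16-byte key size, constant-time comparison and the relock on card removal are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>

#define KEY_LEN 16   /* ASSUMPTION: the page does not give a key size */

enum access { ACCESS_DENIED = 0, ACCESS_GRANTED = 1 };

struct secure_reader {
    uint32_t total_blocks;       /* size of the medium in blocks */
    uint32_t secure_start;       /* first block of the secure portion */
    uint8_t  media_key[KEY_LEN]; /* key that opens the secure portion */
    int      authenticated;      /* set only via the internal channel */
};

/* Compare without an early exit so timing does not reveal matching bytes. */
static int key_equal(const uint8_t *a, const uint8_t *b)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < KEY_LEN; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Internal channel: the smart card reader hands over the key read from the
 * card. The host never sees the key, only the resulting access decision. */
enum access reader_card_inserted(struct secure_reader *r, const uint8_t *card_key)
{
    r->authenticated = (card_key != NULL) && key_equal(card_key, r->media_key);
    return r->authenticated ? ACCESS_GRANTED : ACCESS_DENIED;
}

/* ASSUMPTION: removing the card closes the secure portion again. */
void reader_card_removed(struct secure_reader *r)
{
    r->authenticated = 0;
}

/* Decide whether the host may access `count` blocks starting at `lba`. */
enum access reader_check_access(const struct secure_reader *r,
                                uint32_t lba, uint32_t count)
{
    /* Range check written so that lba + count cannot wrap around. */
    if (count == 0 || lba >= r->total_blocks || count > r->total_blocks - lba)
        return ACCESS_DENIED;
    /* Entirely inside the unsecured portion: always available. */
    if (lba + count <= r->secure_start)
        return ACCESS_GRANTED;
    /* Touches the secure portion, even by one block: needs authentication. */
    return r->authenticated ? ACCESS_GRANTED : ACCESS_DENIED;
}
```

A request that starts in the unsecured portion and runs across the boundary is treated as a secure access, so it cannot be used to read the first secure blocks without the card.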

The concept of the virtual multi-interface driver according to the invention
will now be described. In general, a driver is a software component that acts as an
interface between a device and an application software. A multi-interface USB
device or a composite USB device has more than one USB interface, e.g. a mass
storage class interface and a CCID interface. In other words, a composite device
with a mass storage interface and a CCID interface can function both as a mass
storage device as well as a smart card reader. A driver that supports more than one
USB interface is known as a composite driver. A generic composite driver
exposes the multiple interfaces of the device to the application software. This is
true only if the device has the capability to have more than one interface.

If the device is incapable of supporting more than one interface due to its
architectural limitation, the virtual multi-interface driver according to the
invention can be used to overcome the architectural limitation and still expose the
device as a multi-interface device. The virtual driver functions just like any other
USB composite driver with additional intelligence to handle the multiple
interfaces. Thus, with limited hardware, it is possible to get the complete
functionality of composite devices.

Figure 7 illustrates several possible application scenarios for the virtual multi-
interface driver. The device shown in Figure 7 has a single electrical interface, in
particular a mass storage class interface. The virtual multi-interface driver is
loaded for the device. It is apparent from the figure that the virtual multi-interface
driver reports two logical interfaces to the host. The first logical interface is the
mass storage device interface which actually exists in the device; a mass storage
driver provided by the operating system of the host (Microsoft Windows, for
example) gets loaded for the first interface. The second logical interface is the
virtual smart card interface which is created by the virtual multi-interface driver; a
smart card driver provided by the operating system of the host gets loaded for the
second interface.

The virtual multi-interface driver has the intelligence of projecting a single
interface as a composite device to the host. The virtual multi-interface driver
achieves this by creating a virtual smart card interface in the driver itself. The
virtual interface is a logical one and does not physically exist on the secure digital
media reader. The host system accepts that there is a mass storage device and a
smart card device present in the system.

But, according to the logic connection diagram shown in Figure 8, the smart
card reader shown in Figure 7 is actually a virtual device. Thus, the virtual multi-
interface driver successfully emulates a composite device by using a device that is
architectured to support only a single interface, i.e. only the mass storage interface.
A drive letter appears for the mass storage device through which the mass storage
device interface can be accessed and the data contents can be read or written from
or to the digital medium. To access the smart card interface, any application which
is intended for a valid smart card reader can be used. Both interfaces cannot be
accessed simultaneously. When the mass storage device interface is in use the
smart card interface is locked and vice versa. But it is possible to switch between
these interfaces by giving a single command to the device.

The commands received from the mass storage device driver provided by
Microsoft Windows OS are in SCSI command format and are directed to the
device as such. This is the function of the mass storage device interface portion of
virtual multi-interface driver. The commands received from the smart card driver
provided by Microsoft Windows OS are in smart card command format. The
virtual multi-interface driver converts smart card command format to SCSI
command format and directs the converted commands to the device (see 15 in
Figure 7).
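
The routing described in the last two paragraphs, as an added example that is not the applicant's driver code: SCSI commands pass through unchanged, smart card APDUs are wrapped in a SCSI command, and only one logical interface holds the device at a time. The vendor opcodes 0xC0/0xC1, the CDB layout, all names and the check that keeps vendor opcodes off the storage path are assumptions of this sketch; the transport is simulated.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Logical interfaces reported to the host over the single electrical interface. */
enum vmi_iface  { VMI_MASS_STORAGE, VMI_SMART_CARD };
enum vmi_status { VMI_OK = 0, VMI_LOCKED = -1, VMI_BAD_ARG = -2 };

/* ASSUMPTION: opcodes picked from the SCSI vendor-specific range (0xC0-0xFF);
 * the page does not state how the real driver encodes these commands. */
#define OP_VENDOR_APDU   0xC0  /* carries one smart card APDU as payload */
#define OP_VENDOR_SWITCH 0xC1  /* the single command that switches interfaces */
#define CDB_MAX  16
#define APDU_MAX 261           /* short APDU: 4 header + Lc + 255 data + Le */

struct scsi_request {          /* what travels down the one data channel */
    uint8_t cdb[CDB_MAX];   size_t cdb_len;
    uint8_t data[APDU_MAX]; size_t data_len;
};

struct vmi_driver {
    enum vmi_iface active;     /* interface currently holding the device */
    struct scsi_request last;  /* simulated transport: last request sent */
};

static void send_to_device(struct vmi_driver *d, const struct scsi_request *r)
{
    d->last = *r;
}

void vmi_init(struct vmi_driver *d)
{
    memset(d, 0, sizeof *d);
    d->active = VMI_MASS_STORAGE;
}

/* Hand the device to the other logical interface with one command. */
enum vmi_status vmi_switch(struct vmi_driver *d, enum vmi_iface target)
{
    struct scsi_request r = {0};
    if (target != VMI_MASS_STORAGE && target != VMI_SMART_CARD)
        return VMI_BAD_ARG;
    r.cdb[0] = OP_VENDOR_SWITCH;
    r.cdb[1] = (uint8_t)target;
    r.cdb_len = 6;
    send_to_device(d, &r);
    d->active = target;
    return VMI_OK;
}

/* Mass storage path: CDBs from the OS driver are forwarded unchanged. */
enum vmi_status vmi_submit_scsi(struct vmi_driver *d, const uint8_t *cdb, size_t len)
{
    struct scsi_request r = {0};
    /* Added check: vendor opcodes (>= 0xC0) stay out of reach of the storage path. */
    if (cdb == NULL || len == 0 || len > CDB_MAX || cdb[0] >= 0xC0)
        return VMI_BAD_ARG;
    if (d->active != VMI_MASS_STORAGE)
        return VMI_LOCKED;
    memcpy(r.cdb, cdb, len);
    r.cdb_len = len;
    send_to_device(d, &r);
    return VMI_OK;
}

/* Smart card path: wrap the APDU in a vendor CDB, length big-endian in bytes 7-8. */
enum vmi_status vmi_submit_apdu(struct vmi_driver *d, const uint8_t *apdu, size_t len)
{
    struct scsi_request r = {0};
    if (apdu == NULL || len < 4 || len > APDU_MAX)  /* at least CLA INS P1 P2 */
        return VMI_BAD_ARG;
    if (d->active != VMI_SMART_CARD)
        return VMI_LOCKED;
    r.cdb[0] = OP_VENDOR_APDU;
    r.cdb[7] = (uint8_t)(len >> 8);
    r.cdb[8] = (uint8_t)(len & 0xFF);
    r.cdb_len = 10;
    memcpy(r.data, apdu, len);
    r.data_len = len;
    send_to_device(d, &r);
    return VMI_OK;
}
```

Without the opcode check in `vmi_submit_scsi`, anything able to issue pass-through SCSI commands on the storage side could reach the card or flip the interface lock without going through the smart card stack.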

Reference is now made to application 12 shown in Figure 7 (digital media with
PIN support). The virtual multi-interface driver supports Windows log-on through
a digital media that supports PIN. During log-on the user will be prompted to
enter a PIN. Once this happens the PIN which the user has entered is compared
with the PIN stored in the digital media. If the match is found, the user will be
allowed to log on to Windows through this media.

Regarding application 13 shown in Figure 7 (secure digital media reader), the
virtual multi-interface driver supports a secure digital media reader according to
the invention. The user who wants to access the contents of the digital media
should correctly enter the key stored in the smart card. The secure digital media
reader thus avoids tampering of critical data stored on the digital medium.

Regarding application 14 shown in Figure 7 (digital media with smart card
controller) the virtual multi-interface driver supports access to the digital media
with an embedded smart card controller. The device, which is a mediator between
the driver and the media, needs to support only a single electrical interface. Since
the virtual multi-interface driver has the intelligence of creating virtual logical
interfaces, both mass storage commands and smart card commands received from
the host can be handled perfectly. This application of the virtual multi-interface
driver gives the user a "look and feel" of using both a smart card reader as well as
mass storage reader.

The above-described application scenarios show that the virtual multi-interface
driver is not only capable of supporting a device according to the invention in
order to read digital media contents which are at least partially secured by a smart
card, but also provides backward compatibility for existing media.

Figure 8 further illustrates the software architecture of the system according to
the preferred embodiment of the invention. The virtual multi-interface driver is
actually a composite driver above which two separate functional drivers (upper
interface specific software layers, which are normally shipped with the operating
system) get loaded, one for each interface. If there are more than two interfaces
provided by virtual multi-interface driver, then as many functional drivers will get
loaded above the virtual multi-interface driver. The requests from the application
layer are routed to the upper interface specific software layers. These requests are
sent to the virtual multi-interface driver. The virtual multi-interface driver just
routes the commands to the device and helps to maintain synchronization with the
application. Using the operating system provided drivers helps to maintain the
application level compatibility.

Figure 10 shows the self-explanatory command flow for the secure digital
media reader, with a secure authentication module (SAM) being provided by the
smart card.

It has to be understood that the above detailed description refers to a preferred
embodiment of the invention. However, the invention is not limited to this
embodiment as there are various other embodiments possible within the scope of
the accompanying claims which are apparent to a person skilled in the art. For
example, the digital media reader may be a device capable of accessing digital
media contents from one of the following data sources: a hard disk, a removable
disk, a CD, a DVD, a flash memory, the internet. Further, instead of a smart card
reader, any reader capable of reading and transmitting an authentication
information may be used, like a reader capable of retrieving biometric information
from a user, e.g. a reader including a fingerprint sensor, or an iris, face or voice
recognition means.

Claims

1. A device for secure access to digital media contents, the device comprising
an access means for accessing digital media contents from a data source and a
reader for authenticating a user, the authentication being performed by checking
some authentication data, characterized by an internal communication path
between the access means and the reader which is not directly accessible from
outside the device.

2. The device according to claim 1, characterized in that the device only has a
single electrical interface for connection to a host.

3. The device according to claim 2, characterized in that the single electrical
interface represents at least two logical interfaces, a first logical interface being
compatible to the digital media and a second logical interface being compatible to
the authentication data.

4. The device according to claim 3, characterized in that the single electrical
interface is designed according to one of the following standards: USB, SCSI,
Firewire, PCMCIA, WiFi, Bluetooth, HyperLAN.

5. The device according to any of the preceding claims, characterized in that
the access means and the reader share a common processing unit.

6. The device according to any of claims 1 to 4, characterized in that the
access means and the reader use different processing units, the communication
path including a communication channel between the processing units.

7. The device according to any of the preceding claims, characterized in that
the access means and the reader are accommodated in a single housing.

8. The device according to any of the preceding claims, characterized in that
the reader is a smart card reader capable of accessing a key stored on a smart card.

9. The device according to claim 8, characterized in that the device comprises
means for entering a PIN code and is capable of releasing the key after a PIN code
match is determined.

10. The device according to claim 8 or 9, characterized in that the smart card
containing the key is interfaced to the smart card reader through one of the
following interfaces: ISO 7816, I2C, Contactless Smart Card Interface.

11. The device according to any of claims 8 to 10, characterized in that the
smart card is embedded inside the reader.

12. The device according to any of claims 1 to 7, characterized in that the
reader is capable of retrieving biometric information from the user.

13. The device according to claim 12, characterized in that the reader includes
one of the following: a fingerprint sensor, an iris recognition means, a face
recognition means, a voice recognition means.

14. The device according to any of the preceding claims, characterized in that
the data source is one of the following: a hard disk, a removable disk, a CD, a
DVD, a flash memory embedded inside the device, a removable flash memory.

15. The device according to any of claims 1 to 13, characterized in that the
access means includes a modem capable of retrieving data from a remote network,
especially from the internet.

16. The device according to any of the preceding claims, characterized in that
at least one of the access means and the reader is a module which can be inserted
into and removed from the device.

17. The device according to any of claims 1 to 15, characterized in that at least
one of the access means and the reader is a system-on-chip (SOC) or a single chip
system.

18. A virtual multi-interface driver for supporting a device having at least two
device functions and being connectable to a host via a single electrical interface,
characterized in that the virtual multi-interface driver reports at least two logical
interfaces to the system software of the host, the logical interfaces including at
least one virtual interface in addition to the single electrical interface.

19. The virtual multi-interface driver according to claim 18, characterized in
that the virtual multi-interface driver is capable of switching between the two
logical interfaces in response to a switch command.

20. The virtual multi-interface driver according to claim 18 or 19,
characterized in that the virtual multi-interface driver creates a virtual user
authentication interface.

21. The virtual multi-interface driver according to any of claims 18 to 20,
characterized in that the virtual multi-interface driver converts commands
received from the operating system of the host into a format compatible with the
single electrical interface.

22. The virtual multi-interface driver according to claim 21, characterized in
that the virtual multi-interface driver converts commands from a smart card
command format into an SCSI command format.

23. The virtual multi-interface driver according to any of claims 18 to 22,
characterized in that the virtual multi-interface driver reports n-1 virtual interfaces
to the system software of the host, with n being the number of device functions.

24. A system for secure access to digital media contents, the system
comprising a device according to any of claims 1 to 17, a virtual multi-interface
driver according to any of claims 18 to 23 and a host.

25. The system according to claim 24, characterized in that the device is
connected to the host via a single electrical interface provided on the device, thus
only a single data channel being provided for communication between the device
and the host.

26. The system according to claim 24 or 25, characterized in that the virtual
multi-interface driver acts as an interface between the drivers of the access means
and of the reader, which are loaded by the system software of the host, on the one
side and the single electrical interface of the device on the other side.

27. The system according to any of claims 24 to 26, characterized in that the
host comprises means for entering a PIN code, the PIN code or a derivative
thereof being communicated to the device via the single data channel.

28. The system according to any of claims 24 to 27, characterized in that the
device is accommodated inside the host.

29. The system according to any of claims 24 to 27, characterized in that the
device is an external unit remote from the host.

30. The system according to any of claims 24 to 29, characterized in that the
device comprises a plurality of device functions, the virtual multi-interface driver
reporting n-1 virtual interfaces to the system software of the host, with n being the
number of device functions provided in the device.